Posts

Showing posts from October, 2017

How to start a Career in Cyber Security

Image
I received an infographic by  cybersecurityjobs.net  on the top ten tips on landing a cyber security job, I  thought it provided excellent advice for budding cyber security professionals looking to gain a foothold.  There is a considerable shortage of experienced cyber security professionals in the UK, but starting out in cyber security is a 'chicken and egg' scenario, in that it can be difficult to land a cyber security job without having the experience, but you can't get the necessary experience without being in a dedicated cyber security role.  If you are struggling to get into the industry I recommend initially specialising in a specific area of security, undertake training and gain qualifications. Be patient, expand upon your areas of knowledge and experience, working your way up in different roles to your dream cyber security job. Dream big, but think small.

Krack WiFi Attack: Vulnerabilities in WPA2 Protocol

All Wi-Fi connections are potentially vulnerable to a newly discovered security attack called "Krack", which allows an attacker to listen in on internet traffic (a Man-in-the-Middle Attack) over a wireless network.  In theory, a hacker could read your web and email communications, and even inject malware like ransomware onto your device. Krack takes advantage of unpatched Apple, Android, and Windows operation systems, while unpatched Wi-Fi access points can be manipulated to orchestrate the man-in-the-middle attack. The sky is not falling in on WiFi, this is not like the WEP protocol situation of many years ago, WEP is a security protocol fundamentally flawed by design, WPA2 encryption is not broken, the software that uses it needs to be corrected to secure it. Wireless Access Points (APs) and operating systems that use WPA2 are (or soon will be) patchable, which protects them from this attack. For a video demo of the attack see -  https://www.krac...

Cyber Security Roundup for September 2017

A massive data breach at Equifax dominated the UK media finance headlines this month, after 143 million customer records were compromised by a cyber-attack, 400,000 of which were UK customer accounts. Hackers took advantage of Equifax’s negligence in not applying security updates to servers. The data breach has already cost the CEO, CIO and CISO their jobs. In the UK Equifax faces investigations and the prospect of significant fines by both the Financial Conduct Authority and the Information Commissioner's Office over the loss of UK customer financial and personal data respectively. Hackers stole a quarter of a million Deloitte client emails , follow the breach Deloitte was criticised by security professional for not adopting two-factor authentication to protect the email data which they hosted in Microsoft’s Azure cloud service. September was an extremely busy month for security updates, with major patches releases by Microsoft , Adobe , Apache , Cisco and Apple to fix a...